New Guess-and-Determine Attack on the Self-Shrinking Generator

  • Bin Zhang
  • Dengguo Feng
Conference paper

DOI: 10.1007/11935230_4

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4284)
Cite this paper as:
Zhang B., Feng D. (2006) New Guess-and-Determine Attack on the Self-Shrinking Generator. In: Lai X., Chen K. (eds) Advances in Cryptology – ASIACRYPT 2006. ASIACRYPT 2006. Lecture Notes in Computer Science, vol 4284. Springer, Berlin, Heidelberg


We propose a new type of guess-and-determine attack on the self-shrinking generator (SSG). The inherent flexibility of the new attack enables us to deal with different attack conditions and requirements smoothly. For the SSG with a length L LFSR of arbitrary form, our attack can reliably restore the initial state with time complexity O(20.556 L), memory complexity O(L2) from O(20.161L)-bit keystream for L≥100 and time complexity O(20.571 L), memory complexity O(L2) from O(20.194 L)-bit keystream for L< 100. Therefore, our attack is better than all the previously known attacks on the SSG and especially, it compares favorably with the time/memory/data tradeoff attack which typically has time complexity O(20.5 L), memory complexity O(20.5 L) and data complexity O(20.25 L)-bit keystream after a pre-computation phase of complexity O(20.75 L). It is well-known that one of the open research problems in stream ciphers specified by the European STORK (Strategic Roadmap for Crypto) project is to find an attack on the self-shrinking generator with complexity lower than that of a generic time/memory/data tradeoff attack. Our result is the best answer to this problem known so far.


Stream cipher Self-shrinking Guess-and-determine Linear feedback shift register (LFSR) 

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Bin Zhang
    • 1
  • Dengguo Feng
    • 1
  1. 1.Chinese Academy of SciencesState Key Laboratory of Information Security, Institute of SoftwareBeijingP.R. China

Personalised recommendations